org.webjars.npm:file-entry-cache (>=5.0.1 <=6.0.1), org.webjars.npm:flat-cache (>=2.0.1 <=3.0.4) +6 more potentially affected by CVE-2026-33228 via org.webjars.npm:flatted (>=2.0.1 <=3.3.4)

org.webjars.npm:flatted MAVEN version =2.0.1, =5.0.1, =2.0.1, =3.3.1, =0.3.16, =0.2.107, =1.1.13, =0.1.30, =1.7.6, =2.0.2 Source cves: CVE-2026-33228 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-15700434...

org.webjars.npm:file-entry-cache (>=5.0.1 <=6.0.1), org.webjars.npm:flat-cache (>=2.0.1 <=3.0.4) +6 more potentially affected by CVE-2026-32141 via org.webjars.npm:flatted (>=2.0.1 <=3.3.4)

org.webjars.npm:flatted MAVEN version =2.0.1, =5.0.1, =2.0.1, =3.3.1, =0.3.16, =0.2.107, =1.1.13, =0.1.30, =1.7.6, =2.0.2 Source cves: CVE-2026-32141 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-15518042...

CVE-2026-28408

WeGIA is a web manager for charitable institutions. Prior to version 3.6.5, the script in adicionartipodocsatendido.php does not go through the project's central controller and does not have its own authentication and permission checks. A malicious user could make a request through tools like...

CVE-2017-18603

The postman-smtp plugin through 2017-10-04 for WordPress has XSS via the wp-admin/tools.php?page=postmanemaillog page parameter...

CVE-2025-15095

CVE-2025-15095 affects postmanlabs httpbin up to 0.6.1. The flaw is in httpbin-master/httpbin/core.py, enabling cross-site scripting via manipulated input. Exploitation is remote and publicly disclosed. Multiple sources confirm the vulnerability, but remediation notes vary and, in at least one en...

httpbin 代码注入漏洞

httpbin is an open source HTTP request and response service from Postman Inc. A code injection vulnerability exists in httpbin version 0.6.1 and earlier, which stems from a flaw in the file httpbin-master/httpbin/core.py and could lead to a cross-site scripting attack...

EUVD-2025-198921

Malicious code in @postman/pm-bin-macos-arm64 npm...

EUVD-2025-198922

Malicious code in @postman/pm-bin-linux-x64 npm...

EUVD-2025-198916

Malicious code in @postman/postman-mcp-server npm...

Malicious code in @postman/postman-mcp-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 10b1da432f0b6ecaccc97520bb9697e6dbf44b04415bd15e6ac9864c86f3b37e The package @postman/postman-mcp-cli was found to contain malicious code. Source: google-open-source-security...

MAL-2025-190905 Malicious code in @postman/pm-bin-macos-x64 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7af6b141ac3ae548c7fadfe1523b270a35c69e8f5c20035f682e9ee726f1bdec The package @postman/pm-bin-macos-x64 was found to contain malicious code. Source: google-open-source-security...

MAL-2025-190912 Malicious code in @postman/wdio-allure-reporter (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e12dee0f26482378a3726898a1190f71749f0cca809d0d6dc3d9c3419473924f The package @postman/wdio-allure-reporter was found to contain malicious code. Source: google-open-source-security...

Malicious code in @postman/wdio-allure-reporter (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e12dee0f26482378a3726898a1190f71749f0cca809d0d6dc3d9c3419473924f The package @postman/wdio-allure-reporter was found to contain malicious code. Source: google-open-source-security...

postman-cli (>=1.16.0-canary.1 <=1.24.2) potentially affected by unknown CVE via @postman/pm-bin-windows-x64 (>=1.16.0-canary.1 <=1.24.2)

@postman/pm-bin-windows-x64 NPM version =1.16.0-canary.1, =1.16.0-canary.1, =1.24.2 Source cves: unknown CVE Source advisory: OSV:MAL-2025-190906...

postman-cli (>=1.16.0-canary.1 <=1.24.2) potentially affected by unknown CVE via @postman/pm-bin-linux-x64 (>=1.16.0-canary.1 <=1.24.2)

@postman/pm-bin-linux-x64 NPM version =1.16.0-canary.1, =1.16.0-canary.1, =1.24.2 Source cves: unknown CVE Source advisory: OSV:MAL-2025-190903...

Malicious code in @postman/secret-scanner-wasm (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b5d1604689ef91985fbc1fe9f8958eb7a50835e71b7cfa4125de687ca37c2d19 The package @postman/secret-scanner-wasm was found to contain malicious code. Source: google-open-source-security...

EUVD-2025-198918

Malicious code in @postman/postman-collection-fork npm...

EUVD-2025-198924

Malicious code in @postman/final-node-keytar npm...

MAL-2025-190907 Malicious code in @postman/postman-collection-fork (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 64948ce72be9099e788f3fd4ab6f5a1a67d0012429ae4e198bc7baa85a5197dd The package @postman/postman-collection-fork was found to contain malicious code. Source: google-open-source-security...

MAL-2025-190911 Malicious code in @postman/secret-scanner-wasm (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b5d1604689ef91985fbc1fe9f8958eb7a50835e71b7cfa4125de687ca37c2d19 The package @postman/secret-scanner-wasm was found to contain malicious code. Source: google-open-source-security...